npm - @tern-secure/backend - Versions diffs - 1.0.0 → 1.1.0 - Mend

@tern-secure/backend 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.turbo/turbo-build.log +23 -23
package/CHANGELOG.md +19 -0
package/package.json +3 -5
package/src/admin/sessionTernSecure.ts +118 -11

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,12 +1,12 @@
-> @tern-secure/backend@1.0.0 build /home/runner/work/typescript/typescript/packages/backend
+> @tern-secure/backend@1.1.0 build /home/runner/work/typescript/typescript/packages/backend
 > pnpm clean && tsup && tsc -p tsconfig.add.json
-> @tern-secure/backend@1.0.0 clean /home/runner/work/typescript/typescript/packages/backend
+> @tern-secure/backend@1.1.0 clean /home/runner/work/typescript/typescript/packages/backend
 > rimraf dist
-[34mCLI[39m Building entry: src/index.ts, src/ternsecureauth.ts, src/utils/admin-init.ts, src/utils/config.ts, src/admin/sessionTernSecure.ts, src/admin/tenant.ts
+[34mCLI[39m Building entry: src/index.ts, src/ternsecureauth.ts, src/admin/sessionTernSecure.ts, src/admin/tenant.ts, src/utils/admin-init.ts, src/utils/config.ts
 [34mCLI[39m Using tsconfig: tsconfig.json
 [34mCLI[39m tsup v8.5.0
 [34mCLI[39m Using tsup config: /home/runner/work/typescript/typescript/packages/backend/tsup.config.ts
@@ -17,32 +17,32 @@
 [34mCLI[39m Target: node16
 [34mCLI[39m Target: node16
 [34mCLI[39m Cleaning output folder
-[34mCJS[39m Build start
-[34mCLI[39m Cleaning output folder
 [34mESM[39m Build start
-[32mCJS[39m [1mdist/cjs/admin/sessionTernSecure.js     [22m[32m5.54 KB[39m
-[32mCJS[39m [1mdist/cjs/index.js                       [22m[32m2.01 KB[39m
-[32mCJS[39m [1mdist/cjs/utils/admin-init.js            [22m[32m2.55 KB[39m
-[32mCJS[39m [1mdist/cjs/ternsecureauth.js              [22m[32m1.43 KB[39m
-[32mCJS[39m [1mdist/cjs/admin/tenant.js                [22m[32m2.25 KB[39m
-[32mCJS[39m [1mdist/cjs/utils/config.js                [22m[32m3.48 KB[39m
-[32mCJS[39m [1mdist/cjs/admin/sessionTernSecure.js.map [22m[32m8.42 KB[39m
-[32mCJS[39m [1mdist/cjs/index.js.map                   [22m[32m593.00 B[39m
-[32mCJS[39m [1mdist/cjs/utils/admin-init.js.map        [22m[32m1.42 KB[39m
-[32mCJS[39m [1mdist/cjs/ternsecureauth.js.map          [22m[32m885.00 B[39m
-[32mCJS[39m [1mdist/cjs/admin/tenant.js.map            [22m[32m2.46 KB[39m
-[32mCJS[39m [1mdist/cjs/utils/config.js.map            [22m[32m5.32 KB[39m
-[32mCJS[39m ⚡️ Build success in 31ms
+[34mCLI[39m Cleaning output folder
+[34mCJS[39m Build start
+[32mESM[39m [1mdist/esm/admin/sessionTernSecure.js     [22m[32m6.87 KB[39m
 [32mESM[39m [1mdist/esm/index.js                       [22m[32m593.00 B[39m
 [32mESM[39m [1mdist/esm/utils/admin-init.js            [22m[32m688.00 B[39m
-[32mESM[39m [1mdist/esm/admin/sessionTernSecure.js     [22m[32m3.92 KB[39m
 [32mESM[39m [1mdist/esm/ternsecureauth.js              [22m[32m407.00 B[39m
-[32mESM[39m [1mdist/esm/utils/config.js                [22m[32m2.26 KB[39m
 [32mESM[39m [1mdist/esm/admin/tenant.js                [22m[32m1.19 KB[39m
+[32mESM[39m [1mdist/esm/utils/config.js                [22m[32m2.26 KB[39m
+[32mESM[39m [1mdist/esm/admin/sessionTernSecure.js.map [22m[32m13.36 KB[39m
 [32mESM[39m [1mdist/esm/index.js.map                   [22m[32m593.00 B[39m
 [32mESM[39m [1mdist/esm/utils/admin-init.js.map        [22m[32m1.32 KB[39m
-[32mESM[39m [1mdist/esm/admin/sessionTernSecure.js.map [22m[32m8.29 KB[39m
+[32mESM[39m [1mdist/esm/admin/tenant.js.map            [22m[32m2.42 KB[39m
 [32mESM[39m [1mdist/esm/ternsecureauth.js.map          [22m[32m842.00 B[39m
 [32mESM[39m [1mdist/esm/utils/config.js.map            [22m[32m5.25 KB[39m
-[32mESM[39m [1mdist/esm/admin/tenant.js.map            [22m[32m2.42 KB[39m
-[32mESM[39m ⚡️ Build success in 33ms
+[32mESM[39m ⚡️ Build success in 34ms
+[32mCJS[39m [1mdist/cjs/index.js                       [22m[32m2.01 KB[39m
+[32mCJS[39m [1mdist/cjs/admin/tenant.js                [22m[32m2.25 KB[39m
+[32mCJS[39m [1mdist/cjs/utils/config.js                [22m[32m3.48 KB[39m
+[32mCJS[39m [1mdist/cjs/utils/admin-init.js            [22m[32m2.55 KB[39m
+[32mCJS[39m [1mdist/cjs/ternsecureauth.js              [22m[32m1.43 KB[39m
+[32mCJS[39m [1mdist/cjs/admin/sessionTernSecure.js     [22m[32m8.57 KB[39m
+[32mCJS[39m [1mdist/cjs/admin/tenant.js.map            [22m[32m2.46 KB[39m
+[32mCJS[39m [1mdist/cjs/utils/config.js.map            [22m[32m5.32 KB[39m
+[32mCJS[39m [1mdist/cjs/index.js.map                   [22m[32m593.00 B[39m
+[32mCJS[39m [1mdist/cjs/utils/admin-init.js.map        [22m[32m1.42 KB[39m
+[32mCJS[39m [1mdist/cjs/ternsecureauth.js.map          [22m[32m885.00 B[39m
+[32mCJS[39m [1mdist/cjs/admin/sessionTernSecure.js.map [22m[32m13.49 KB[39m
+[32mCJS[39m ⚡️ Build success in 34ms

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,24 @@
 # @tern-secure/backend
+## 1.1.0
+### Minor Changes
+- 5f29862: advanced Auth cookies and session management
+### Patch Changes
+- Updated dependencies [5f29862]
+  - @tern-secure/types@1.0.2
+## 1.0.1
+### Patch Changes
+- 367a100: fix: Update ternUIgetScriptUrl to use TernSecureDev flag and switch CDN to HTTPS.
+- Updated dependencies [367a100]
+  - @tern-secure/types@1.0.1
 ## 1.0.0
 ### Major Changes

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tern-secure/backend",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/TernSecure/typescript.git",
@@ -18,15 +18,13 @@
   },
   "dependencies": {
     "tslib": "2.4.1",
-    "@tern-secure/types": "1.0.0"
+    "@tern-secure/types": "1.0.2"
   },
   "devDependencies": {
+    "firebase-admin": "^12.7.0",
     "jose": "^5.0.0",
     "next": "15.3.2"
   },
-  "peerDependencies": {
-    "firebase-admin": "^12.0.0"
-  },
   "engines": {
     "node": ">=20"
   },

package/src/admin/sessionTernSecure.ts CHANGED Viewed

@@ -2,7 +2,7 @@
 import { cookies } from 'next/headers';
 import { adminTernSecureAuth as adminAuth } from '../utils/admin-init';
-import { handleFirebaseAuthError, type AuthErrorResponse } from '@tern-secure/types';
+import { handleFirebaseAuthError, type AuthErrorResponse, type SessionParams, type SessionResult } from '@tern-secure/types';
 interface FirebaseAuthError extends Error {
   code?: string;
@@ -25,21 +25,128 @@ interface TernVerificationResult extends User {
   error?: AuthErrorResponse
 }
-export async function createSessionCookie(idToken: string) {
+// DRY Constants
+const SESSION_CONSTANTS = {
+  COOKIE_NAME: '_session_cookie',
+  DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1000, // 5 days
+  DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,
+} as const;
+const COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env.NODE_ENV === 'production',
+  sameSite: 'strict' as const,
+  path: '/',
+} as const;
+export async function createSessionCookie(params: SessionParams | string): Promise<SessionResult> {
   try {
-    const expiresIn = 60 * 60 * 24 * 5 * 1000;
-      const sessionCookie = await adminAuth.createSessionCookie(idToken, { expiresIn });
+    // Handle both old string format and new object format for backward compatibility
+    const idToken = typeof params === 'string' ? params : params.idToken;
+    if (!idToken) {
+      const error = new Error('ID token is required for session creation');
+      console.error('[createSessionCookie] Missing ID token:', error);
+      return {
+        success: false,
+        message: 'ID token is required',
+        error: 'INVALID_TOKEN',
+        cookieSet: false
+      };
+    }
+    // Verify the ID token first
+    let decodedToken;
+    try {
+      decodedToken = await adminAuth.verifyIdToken(idToken);
+    } catch (verifyError) {
+      console.error('[createSessionCookie] ID token verification failed:', verifyError);
+      const authError = handleFirebaseAuthError(verifyError);
+      return {
+        success: false,
+        message: authError.message,
+        error: authError.code,
+        cookieSet: false
+      };
+    }
+    if (!decodedToken) {
+      const error = new Error('Invalid ID token - verification returned null');
+      console.error('[createSessionCookie] Token verification returned null:', error);
+      return {
+        success: false,
+        message: 'Invalid ID token',
+        error: 'INVALID_TOKEN',
+        cookieSet: false
+      };
+    }
+    // Create session cookie
+    let sessionCookie;
+    try {
+      sessionCookie = await adminAuth.createSessionCookie(idToken, {
+        expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_MS
+      });
+    } catch (sessionError) {
+      console.error('[createSessionCookie] Firebase session cookie creation failed:', sessionError);
+      const authError = handleFirebaseAuthError(sessionError);
+      return {
+        success: false,
+        message: authError.message,
+        error: authError.code,
+        cookieSet: false
+      };
+    }
+    // Set the cookie and verify it was set
+    let cookieSetSuccessfully = false;
+    try {
       const cookieStore = await cookies();
-      cookieStore.set('_session_cookie', sessionCookie, {
-          maxAge: expiresIn,
-          httpOnly: true,
-          secure: process.env.NODE_ENV === 'production',
-          path: '/',
+      cookieStore.set(SESSION_CONSTANTS.COOKIE_NAME, sessionCookie, {
+        maxAge: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
+        ...COOKIE_OPTIONS,
       });
-      return { success: true, message: 'Session created' };
+      // Verify the cookie was actually set
+      const verifySetCookie = cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);
+      cookieSetSuccessfully = !!verifySetCookie?.value;
+      if (!cookieSetSuccessfully) {
+        const error = new Error('Session cookie was not set successfully');
+        console.error('[createSessionCookie] Cookie verification failed:', error);
+        throw error;
+      }
+    } catch (cookieError) {
+      console.error('[createSessionCookie] Failed to set session cookie:', cookieError);
+      return {
+        success: false,
+        message: 'Failed to set session cookie',
+        error: 'COOKIE_SET_FAILED',
+        cookieSet: false
+      };
+    }
+    console.log(`[createSessionCookie] Session cookie created successfully for user: ${decodedToken.uid}`);
+    return {
+      success: true,
+      message: 'Session created successfully',
+      expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
+      cookieSet: cookieSetSuccessfully
+    };
   } catch (error) {
-      return { success: false, message: 'Failed to create session' };
+    console.error('[createSessionCookie] Unexpected error:', error);
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message || 'Failed to create session',
+      error: authError.code || 'INTERNAL_ERROR',
+      cookieSet: false
+    };
   }
 }